• boonhet@lemm.ee
      link
      fedilink
      arrow-up
      55
      ·
      6 months ago

      Worked at a company where the previous devs had implemented their own frameworks for front and backend. Obviously 200 was the only possible code.

    • jballs@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      34
      ·
      6 months ago

      This legitimately happened to me a few months ago. A vendor API was returning HTTP 200 with the error details embedded in the JSON response. It was a pain in the ass to troubleshoot.

      • morbidcactus@lemmy.ca
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        6 months ago

        Yeah, had that happen a few years ago, thankfully there was a consistent status attributes in the response that I could use but still, annoying

      • Ironfacebuster@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        I guess I might be evil but when I made APIs for my projects I do this, since I blindly accept the response then look at the JSON to see if it was accepted or not

        Something like

        if (body_has(JSON)) do_stuff_with(JSON) // including error handling if the response has an error else error_no_json()

        I do this since I feel like JSON errors should be separate from HTTP errors

        • jballs@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          ·
          6 months ago

          The problem I ran into was the response returned a JSON body, but then had an “error” attribute that was returned in it that had the error details. So we were parsing the JSON and loading elements into our database. We were hitting the API passing in a datetime of when the last success job was run, so basically saying “give me everything that’s changed since I last called you.”

          So yeah, eventually we noticed we were missing small chunks of data. It turned out that every time the API errored out, we’d get a valid JSON response that contained the error message, but it didn’t have the attributes we were looking for. So didn’t load anything, but updated our timestamp to say when our last successful call was.

          Huge pain in the ass to troubleshoot, because the missing data was scattered with no distinguiable pattern.

            • jballs@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              6 months ago

              That would have been fine for me too. I don’t own the API, so I can only speak from a consumer perspective in saying: I don’t want a HTTP 200 if my request didn’t succeed.

    • fibojoly@sh.itjust.works
      link
      fedilink
      arrow-up
      8
      ·
      6 months ago

      I’ve had this so often… very frustrating.

      I like to think the 400 within a 200 is for “look, I managed to reply to you. But there is bad news”

  • lazyneet
    link
    fedilink
    arrow-up
    51
    ·
    6 months ago

    The sad reality is that when you look at the files being requested, it’s usually scrapers looking for exploits.

  • 9point6@lemmy.world
    link
    fedilink
    arrow-up
    20
    ·
    6 months ago

    releases a change where all routes accidentally go to the error page controller

    🤷‍♂️ They’re 4xx errors, won’t be us

  • Ironfacebuster@lemmy.world
    link
    fedilink
    arrow-up
    12
    ·
    6 months ago

    if (request.ip != myip) return ErrorCodes.NotFound

    And an ipv6 version for all you up 6 fans

    if (request.ipv6 != myipv6) return ErrorCodes.NotFound